cve-2014-0133

Vulnerability from cvelistv5

Published

2014-03-28 15:00

Modified

2024-08-06 09:05

Severity

Summary

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.

References

Source	URL	Tags
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html	Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/66537	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:38.993Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
          },
          {
            "name": "openSUSE-SU-2014:0450",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html"
          },
          {
            "name": "66537",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66537"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-06-02T14:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
        },
        {
          "name": "openSUSE-SU-2014:0450",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html"
        },
        {
          "name": "66537",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66537"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0133",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)",
              "refsource": "MLIST",
              "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
            },
            {
              "name": "openSUSE-SU-2014:0450",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html"
            },
            {
              "name": "66537",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66537"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0133",
    "datePublished": "2014-03-28T15:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:38.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-0133\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-03-28T15:55:08.607\",\"lastModified\":\"2021-11-10T15:59:33.583\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de buffer basado en memoria din\u00e1mica en la implementaci\u00f3n SPDY en nginx 1.3.15 anterior a 1.4.7 y 1.5.x anterior a 1.5.12 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.3.15\",\"versionEndExcluding\":\"1.4.7\",\"matchCriteriaId\":\"DF972C26-FCBE-4C1E-AB93-0910417822D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.0\",\"versionEndIncluding\":\"1.5.11\",\"matchCriteriaId\":\"AD451BED-EF75-456D-84A3-96730D839EAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/66537\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

gsd-2014-0133

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.

Aliases

CVE-2014-0133

Aliases

CVE-2014-0133

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-0133",
    "description": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.",
    "id": "GSD-2014-0133",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-0133.html",
      "https://advisories.mageia.org/CVE-2014-0133.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2014-0133.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-0133"
      ],
      "details": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.",
      "id": "GSD-2014-0133",
      "modified": "2023-12-13T01:22:44.932206Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2014-0133",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)",
            "refsource": "MLIST",
            "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
          },
          {
            "name": "openSUSE-SU-2014:0450",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html"
          },
          {
            "name": "66537",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/66537"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.4.7",
                "versionStartIncluding": "1.3.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.11",
                "versionStartIncluding": "1.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0133"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:0450",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html"
            },
            {
              "name": "[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)",
              "refsource": "MLIST",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
            },
            {
              "name": "66537",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/66537"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-11-10T15:59Z",
      "publishedDate": "2014-03-28T15:55Z"
    }
  }
}

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. nginx is prone to a heap-based buffer-overflow vulnerability. Successful exploitation of this issue allow an attacker to execute arbitrary code in the context of the application, failed exploit attempts may lead to denial-of-service. nginx 1.3.15 through 1.4.7 and 1.5.0 through 1.5.12 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-20

                                        http://security.gentoo.org/

Severity: Normal Title: nginx: Arbitrary code execution Date: June 22, 2014 Bugs: #505018 ID: 201406-20

Synopsis

A vulnerability has been found in nginx which may allow execution of arbitrary code.

Background

nginx is a robust, small, and high performance HTTP and reverse proxy server. The SPDY implementation is not enabled in default configurations.

Workaround

Disable the spdy module in NGINX_MODULES_HTTP.

Resolution

All nginx users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.7"

References

[ 1 ] CVE-2014-0133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0133

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201406-20.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 .

Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position (CVE-2014-3616).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616 http://advisories.mageia.org/MGASA-2014-0136.html http://advisories.mageia.org/MGASA-2014-0427.html

Updated Packages:

Mandriva Business Server 2/X86_64: f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm 36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFVFnUlmqjQ0CJFipgRAvneAJ0evtNmMhS+lWltq9051wHRR6vuDgCg3BW0 x8jC+tKifZWs8shTG2EYzgo= =oIRY -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0548",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "novell",
        "version": "13.1"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.3.15"
      },
      {
        "model": "nginx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.5.11"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.4.7"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "nginx",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.5.0"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "1.3.15"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "1.4.7"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "1.5.12"
      },
      {
        "model": "nginx",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "igor sysoev",
        "version": "1.5.x"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "1.5.4"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "1.5.5"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "1.3.16"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "1.4.3"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "1.5.0"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "1.4.1"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "1.4.0"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "1.3.15"
      },
      {
        "model": "nginx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nginx",
        "version": "1.4.2"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "66537"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001833"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-536"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.4.7",
                "versionStartIncluding": "1.3.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.11",
                "versionStartIncluding": "1.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0133"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lucas Molas",
    "sources": [
      {
        "db": "BID",
        "id": "66537"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-0133",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-0133",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-67626",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0133",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-0133",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201403-536",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-67626",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67626"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001833"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-536"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. nginx is prone to a heap-based buffer-overflow vulnerability. \nSuccessful exploitation of this issue allow an attacker to execute arbitrary code in the context of the application, failed exploit attempts may lead to denial-of-service. \nnginx 1.3.15 through 1.4.7 and 1.5.0 through 1.5.12 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201406-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: nginx: Arbitrary code execution\n     Date: June 22, 2014\n     Bugs: #505018\n       ID: 201406-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been found in nginx which may allow execution of\narbitrary code. \n\nBackground\n==========\n\nnginx is a robust, small, and high performance HTTP and reverse proxy\nserver. The SPDY implementation is not enabled in default\nconfigurations. \n\nWorkaround\n==========\n\nDisable the spdy module in NGINX_MODULES_HTTP. \n\nResolution\n==========\n\nAll nginx users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/nginx-1.4.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0133\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0133\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201406-20.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n \n Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\n it was possible to reuse cached SSL sessions in unrelated contexts,\n allowing virtual host confusion attacks in some configurations by an\n attacker in a privileged network position (CVE-2014-3616). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616\n http://advisories.mageia.org/MGASA-2014-0136.html\n http://advisories.mageia.org/MGASA-2014-0427.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n f859044a48eda0b859c931bce3688184  mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm \n 36f49f7a1ca40c8546e82d514023b3f4  mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFnUlmqjQ0CJFipgRAvneAJ0evtNmMhS+lWltq9051wHRR6vuDgCg3BW0\nx8jC+tKifZWs8shTG2EYzgo=\n=oIRY\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0133"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001833"
      },
      {
        "db": "BID",
        "id": "66537"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67626"
      },
      {
        "db": "PACKETSTORM",
        "id": "127175"
      },
      {
        "db": "PACKETSTORM",
        "id": "131099"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0133",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "66537",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001833",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-536",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "127175",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "131099",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-67626",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67626"
      },
      {
        "db": "BID",
        "id": "66537"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001833"
      },
      {
        "db": "PACKETSTORM",
        "id": "127175"
      },
      {
        "db": "PACKETSTORM",
        "id": "131099"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-536"
      }
    ]
  },
  "id": "VAR-201403-0548",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67626"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:51:48.213000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openSUSE-SU-2014:0450",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html"
      },
      {
        "title": "CVE-2014-0133",
        "trust": 0.8,
        "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
      },
      {
        "title": "nginx-1.4.7-3.9.1.x86_64",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48927"
      },
      {
        "title": "nginx-1.4.7-3.9.1.src",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48926"
      },
      {
        "title": "nginx-1.5.12",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48924"
      },
      {
        "title": "nginx-1.4.7",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48923"
      },
      {
        "title": "nginx-1.4.7",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48922"
      },
      {
        "title": "nginx-1.5.12",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=48925"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001833"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-536"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67626"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001833"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0133"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/66537"
      },
      {
        "trust": 1.7,
        "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0133"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0133"
      },
      {
        "trust": 0.3,
        "url": "http://nginx.org/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0133"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201406-20.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0133"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0136.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3616"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0427.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3616"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67626"
      },
      {
        "db": "BID",
        "id": "66537"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001833"
      },
      {
        "db": "PACKETSTORM",
        "id": "127175"
      },
      {
        "db": "PACKETSTORM",
        "id": "131099"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-536"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-67626"
      },
      {
        "db": "BID",
        "id": "66537"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001833"
      },
      {
        "db": "PACKETSTORM",
        "id": "127175"
      },
      {
        "db": "PACKETSTORM",
        "id": "131099"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-536"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-03-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-67626"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "BID",
        "id": "66537"
      },
      {
        "date": "2014-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001833"
      },
      {
        "date": "2014-06-24T00:56:14",
        "db": "PACKETSTORM",
        "id": "127175"
      },
      {
        "date": "2015-03-30T21:26:01",
        "db": "PACKETSTORM",
        "id": "131099"
      },
      {
        "date": "2014-03-28T15:55:08.607000",
        "db": "NVD",
        "id": "CVE-2014-0133"
      },
      {
        "date": "2014-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201403-536"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-67626"
      },
      {
        "date": "2014-06-23T06:45:00",
        "db": "BID",
        "id": "66537"
      },
      {
        "date": "2014-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001833"
      },
      {
        "date": "2021-11-10T15:59:33.583000",
        "db": "NVD",
        "id": "CVE-2014-0133"
      },
      {
        "date": "2023-05-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201403-536"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-536"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "nginx of  SPDY Implementation of heap-based buffer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001833"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-536"
      }
    ],
    "trust": 0.6
  }
}

ghsa-m342-r7h7-vj42

Vulnerability from github

Published

2022-05-13 01:05

Modified

2022-05-13 01:05

Details

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-0133"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-03-28T15:55:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.",
  "id": "GHSA-m342-r7h7-vj42",
  "modified": "2022-05-13T01:05:16Z",
  "published": "2022-05-13T01:05:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0133"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html"
    },
    {
      "type": "WEB",
      "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/66537"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Action not permitted

cve-2014-0133

Vulnerability from cvelistv5

gsd-2014-0133

Vulnerability from gsd

var-201403-0548

Vulnerability from variot

Synopsis

Background

Workaround

Resolution

References

Availability

Concerns?

License

ghsa-m342-r7h7-vj42

Vulnerability from github

Tags